4 Questions About Canada’s Anti-Spam Legislation that All Marketers Should Read

CASL applies not only to Canadian marketers but also to any business sending marketing messages to Canadian consumers.

We have received many great questions from customers who are using email marketing and other marketing tools to engage with their audience online.

We caught up with Shaun Brown, Canadian lawyer practicing at nNovation LLP and CASL expert, and asked him to provide guidance in response to the top questions we received about CASL.

Please note: The responses to these questions should not be considered legal advice. Please seek legal advice if you have any questions or concerns about how CASL may apply to your activities.

If I’m on social networking sites like LinkedIn, Twitter/X, and Facebook: Is it considered express consent when people “like” or “follow” my page? Can I send messages to my fans (through the social platform, email, or both)?

CASL establishes some specific requirements when requesting express consent for the purposes of sending a commercial electronic message (CEM). Senders need to ask for consent, and when they do, they must explain the purposes for requesting consent. A sender must also provide the prescribed identification information and explain that recipients can unsubscribe in the future, as required by the Canadian Radio-television and Telecommunications Commission (CRTC) regulations. It seems unlikely that a “like” or “follow” could be characterized as meeting these specific requirements.

If I’m an exhibitor at an event: Can I collect business cards with the intention of building my contact list? Is the fishbowl method an acceptable form of obtaining consent?

I’ll address this in two parts.

First, it may be possible that the person collecting the business cards can rely on implied consent. CASL states that consent can be implied if:

1. A recipient provides their electronic address directly to the sender.
2. The recipient does not indicate that they do not wish to receive unsolicited commercial electronic messages.
3. The commercial electronic message is related to the recipient’s business or official capacity.

It is arguable that the recipient is providing their electronic address directly to the sender when they put their business card in the fishbowl. Assuming this to be a proper interpretation of CASL, and assuming the recipient did not indicate that they do not wish to be contacted, then consent would be implied to send CEMs that are related to the recipient’s business or official capacity.

Second, it might be possible to obtain express consent. For example, a sender could post a sign next to the fishbowl stating that by entering a business card into the fishbowl, a user is providing express consent to receiving CEMs from the organization (not that exact language, but something that specifically describes what they are consenting to). The sign would also have to provide the prescribed identification information and explain that they can unsubscribe in the future, as required by the CRTC regulations.

Without guidance and interpretation from regulators, we can’t say for certain that this is compliant with CASL. However, I personally do not see why it shouldn’t be. In my view, reaching into your pocket, pulling out a business card, and physically placing it in a fishbowl is a very clear expression of consent, just as if not more so than checking a box on a web form.

Just don’t forget that CASL states that any person claiming to have consent bears the burden of proving it. This means that when entering the person into an email system, it will be important to record certain information for evidentiary purposes, such as when and how the email address was collected.

If I’m a nonprofit: Are there specific regulations for me since I’m not selling anything?

CASL applies to any person who sends a CEM, regardless of who that person is. So, any organization that sends a CEM must comply with CASL. If the messages you are sending are not CEMs, according to this definition, then CASL does not apply.

A CEM is defined in CASL as:

An electronic message that, having regard to the content of the message, hyperlinks in the message to content on a website or other database, or the contact information contained in the message, it would be reasonable to conclude has as its purpose, or one of its purposes, to encourage participation in a commercial activity, including an electronic message that…

(a) offers to purchase, sell, barter, or lease a product, goods, a service, land, or an interest or right in land;
(b) offers to provide a business, investment, or gaming opportunity;
(c) advertises or promotes anything referred to in paragraph (a) or (b); or
(d) promotes a person, including the public image of a person, as being a person who does anything referred to in any of paragraphs (a) to (c), or who intends to do so.

There is an exemption for CEMs sent by or on behalf of registered charities (as defined under the Income Tax Act) when the primary purpose of the message is to raise funds. In these cases, registered charities are exempt from CASL’s CEM rules.

Additionally, there is a provision that allows organizations to send CEMs based on implied consent if there is an “existing non-business relationship.” An existing non-business relationship is deemed to arise where the sender: is a charity, political party or political candidate, and the recipient has volunteered, made a donation or given a gift within the previous two years; or is a club, association or volunteer organization of which the recipient has been a member within the previous two years.

If I already have an existing contact list: Do I have to reconfirm consent if I’ve been mailing my contacts for years? How does “grandfathering” work?

Under CASL, there isn’t a traditional “grandfather clause” that permanently exempts existing contacts from consent requirements. However, there was a transitional period:

• When CASL took effect on July 1, 2014, businesses had a three-year transitional period (until July 1, 2017) during which they could rely on implied consent for contacts they had existing relationships with, such as customers or people who had given their email within the past two years.
• Since July 1, 2017, implied consent expired for many contacts, and you must have express consent from all contacts unless their implied consent was refreshed through recent interactions.

So, while older contacts might have had implied consent during the transitional period, you now generally need to obtain express consent to continue sending commercial electronic messages.

Express consent given before CASL came into effect on July 1, 2014, is still valid and recognized under CASL, as long as it was obtained in a manner consistent with CASL’s requirements (clear, informed, and voluntary consent), and you have proper records to prove it.

Because express consent doesn’t expire under CASL, you don’t need to get those contacts to reconfirm their permission, unless you want to refresh your list or clarify your messaging.

There are a few considerations worth pointing out. Senders not only need to have consent, but they also bear the burden of proving it. Thus, you may be required to provide evidence that you obtained consent in compliance with CASL to the CRTC, which is the enforcement agency under the legislation, if you are ever investigated for violating CASL.

Even if you do not have express consent, you may be able to rely on implied consent. For example, an existing business relationship arises if the recipient has made a purchase from you in the previous two years.

Senders need to review their lists and determine whether they have express or implied consent for existing contacts. If they don’t, then they may need to consider a reconfirmation strategy or face the risk of violating CASL.